Opera Remote Location Object Cross-domain Scripting Vulnerability Network Vulnerability

Summary

The remote host contains a web browser that is affected by multiple flaws. Description : The remote host is using Opera, an alternative web browser. This version of Opera on the remote host fails to block write access to the 'location' object. This could allow a user to create a specially crafted URL to overwrite methods within the 'location' object that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of confidentiality and integrity.

Solution

Upgrade to Opera 7.54 or newer.

References

http://www.greymagic.com/security/advisories/gm008-op/
http://www.opera.com/docs/changelogs/windows/754/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-2570

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

DCE Services Enumeration
Microsoft Internet Explorer XSS Vulnerability - July09
Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
BitDefender Internet Security 2009 XSS Vulnerability
Gator/GAIN Spyware Installed

Opera remote location object cross-domain scripting vulnerability

Take action and discover your vulnerabilities